commit fd8947afc2815cc3316513fe4461d8d8096eddea Author: Nick Mathewson nickm@torproject.org Date: Sun Feb 2 15:45:00 2014 -0500

Move the friendly warning about TPROXY and root to EPERM time

I'm doing this because: * User doesn't mean you're running as root, and running as root doesn't mean you've set User. * It's possible that the user has done some other capability-based hack to retain the necessary privileges. --- src/or/config.c | 7 ------- src/or/connection.c | 8 ++++++-- 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/src/or/config.c b/src/or/config.c index a2366c0..c921bb7 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -2540,13 +2540,6 @@ options_validate(or_options_t *old_options, or_options_t *options, REJECT("Cannot use TransTPROXY without any valid TransPort or " "TransListenAddress."); } - /* Friendly suggestion about running as root initially. */ - if (!options->User) { - log_warn(LD_CONFIG, - "You have enabled TransTPROXY but have not specified the " - ""User" option. TransTPROXY will not function without " - "root privileges."); - } } #else if (options->TransPort_set || options->TransTPROXY) diff --git a/src/or/connection.c b/src/or/connection.c index 7d8feeb..6dbba66 100644 --- a/src/or/connection.c +++ b/src/or/connection.c @@ -1039,9 +1039,13 @@ connection_listener_new(const struct sockaddr *listensockaddr, if (options->TransTPROXY && type == CONN_TYPE_AP_TRANS_LISTENER) { int one = 1; if (setsockopt(s, SOL_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0) { + const char *extra = ""; int e = tor_socket_errno(s); - log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s", - tor_socket_strerror(e)); + if (e == EPERM) + extra = "TransTPROXY requires root privileges or similar" + " capabilities."; + log_warn(LD_NET, "Error setting IP_TRANSPARENT flag: %s.%s", + tor_socket_strerror(e), extra); } } #endif